
Linux Days 2002, Advanced Tutorial

This document summarizes the configuration of server applications on Linux, including Squid, SSH, FTP, mail servers, and the Horde webmail application. It discusses:
1. Configuring Squid for caching web requests, authentication, and access control through acl directives in squid.conf.
2. Setting up an SSH server for encrypted remote login and port forwarding capabilities.
3. Configuring a mail server with Sendmail for sending, receiving, and aliases, and an IMAP server for accessing mailboxes.
4. Installing and configuring Horde for web-based mail by modifying configuration files for preferences storage, application registration, and menu customization.

Alain Knaff
[email protected]
Summary

1. Unix System Services
2. Mail subsystem



Server applications


General
Squid
Ssh
Ftp: wuftpd

Server application: Squid


Caches Web requests
Standalone daemon

Server application: Squid > configuration


Configured via /etc/squid/squid.conf:
  acl name criterion parameters
  http_access allow|deny [!]aclname
  deny_info FILE aclname
  authenticate_program /usr/lib/squid/ncsa_auth /etc/shadow
Order (of http_access clauses) is important
Example:
  Allow all access from inside
  For outside access, ask for password
  acl localNets src 10.0.0.0/255.0.0.0 127.0.0.1
  acl password proxy_auth REQUIRED
  http_access allow localNets
  http_access allow password
  http_access deny all
Documentation at http://www.squid-cache.org/
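
Why the order of http_access clauses matters, as an added example that is not part of the original tutorial: a small Python model of first-match evaluation applied to the slide's three rules. The request dictionaries, the variable names and the reordered rule sets are constructed for illustration.

```python
import ipaddress

# ACL definitions from the slide's example, as predicates over a request.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/255.0.0.0"),
              ipaddress.ip_network("127.0.0.1/32")]
ACLS = {
    "localNets": lambda r: any(ipaddress.ip_address(r["src"]) in n for n in LOCAL_NETS),
    # Simplification: a request without credentials just fails to match;
    # the real proxy would ask the client for a password at this point.
    "password": lambda r: r.get("user") is not None,
    "all": lambda r: True,
}

def acl_matches(name, req):
    """Evaluate one [!]aclname term."""
    if name.startswith("!"):
        return not ACLS[name[1:]](req)
    return ACLS[name](req)

def http_access(rules, req):
    """The first rule whose ACL terms all match decides the request."""
    for action, terms in rules:
        if all(acl_matches(t, req) for t in terms):
            return action
    # Nothing matched: the default is the opposite of the last rule.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Rule order from the slide.
SLIDE_RULES = [("allow", ["localNets"]), ("allow", ["password"]), ("deny", ["all"])]
# Same three rules with "deny all" moved to the top: nothing else is reached.
DENY_FIRST = [SLIDE_RULES[2], SLIDE_RULES[0], SLIDE_RULES[1]]
# Slide rules without the final "deny all" (constructed variant).
NO_FINAL_DENY = SLIDE_RULES[:2]

# Constructed requests: inside client, outside without and with a user name.
INSIDE = {"src": "10.1.2.3"}
OUTSIDE_ANON = {"src": "192.168.37.143"}
OUTSIDE_USER = {"src": "192.168.37.143", "user": "aknaff"}

if __name__ == "__main__":
    for label, rules in (("slide", SLIDE_RULES), ("deny first", DENY_FIRST),
                         ("no final deny", NO_FINAL_DENY)):
        print(label, [http_access(rules, r) for r in (INSIDE, OUTSIDE_ANON, OUTSIDE_USER)])
```

With the slide's order the inside client and the authenticated outside client are allowed and the anonymous outside client is denied; with "deny all" first, all three are denied.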


Server application: Squid > logfile


Log files can be found in
/var/log/squid/access.log

Example:
1033291882.682 132 127.0.0.1 TCP_MISS/200 14634 GET http://www.pt.lu/ - DIRECT/194.154.192.107 text/html

1033377731.635 130 192.168.37.143 TCP_MISS/200 14626 GET http://www.pt.lu/ aknaff DIRECT/194.154.192.107 text/html

The first field is a Unix timestamp; to convert it:

> perl -e 'print localtime(1033377731.635)."\n"'
Mon Sep 30 11:22:11 2002
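
A check of the access log against the access policy above, as an added example that is not part of the original tutorial: it parses access.log lines, converts the timestamp to UTC, and reports requests that were served to clients outside localNets with no user name logged. The first two sample lines are the ones shown on the slide; the last two, and all function names, are constructed.

```python
import ipaddress
from datetime import datetime, timezone

# localNets exactly as defined in the squid.conf example.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/255.0.0.0"),
              ipaddress.ip_network("127.0.0.1/32")]

# First two lines are the slide's samples; the last two are constructed.
SAMPLE_LOG = """\
1033291882.682 132 127.0.0.1 TCP_MISS/200 14634 GET http://www.pt.lu/ - DIRECT/194.154.192.107 text/html
1033377731.635 130 192.168.37.143 TCP_MISS/200 14626 GET http://www.pt.lu/ aknaff DIRECT/194.154.192.107 text/html
1033377800.100 2 192.168.37.150 TCP_DENIED/407 1290 GET http://www.example.org/ - NONE/- text/html
1033377900.250 95 192.168.37.150 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
"""

FIELDS = ("time", "elapsed", "client", "result", "bytes",
          "method", "url", "user", "hierarchy", "type")

def parse_line(line):
    """Split one access.log line into named fields and add a UTC datetime."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("unexpected field count: %r" % line)
    rec = dict(zip(FIELDS, parts))
    rec["when"] = datetime.fromtimestamp(float(rec["time"]), tz=timezone.utc)
    return rec

def is_local(client):
    """True if the client address falls inside localNets."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in LOCAL_NETS)

def unauthenticated_outside(log_text):
    """Requests served to non-local clients with no user name logged."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        served = not rec["result"].startswith("TCP_DENIED")
        if served and rec["user"] == "-" and not is_local(rec["client"]):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for rec in unauthenticated_outside(SAMPLE_LOG):
        print(rec["when"].strftime("%Y-%m-%d %H:%M:%S UTC"), rec["client"], rec["url"])
```

Any line this reports means the "ask for password" rule was not applied to that request, which is worth comparing against the http_access order in squid.conf.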

Server applications: SSH


Encrypted remote login to other sites
Possibility to tunnel X protocol: ssh -X somehost
Possibility to tunnel arbitrary ports (protection against snooping):
  ssh -L 5900:localhost:5900 somehost
  ssh -R 6001:localhost:6000 somehost
Default configuration suitable for most uses
Optional key-based authentication

Server applications: Wu.ftpd


Access to downloadable files
Started by xinetd
Not encrypted
Possibility to have "anonymous" users
/etc/ftpusers
Advanced configuration in /etc/ftpaccess
  guest users
  classes (limits number of logins)
  upload directories
  ...

Server applications: Mail


Sendmail
  sends mail to other machines
  receives mail from other machines
Imap, Pop
  allows users to browse their mailbox

Server applications: Mail > Sendmail


Standalone daemon
/etc/mail directory

Server applications: Mail > Sendmail (1)


aliases
  nice names for users (incoming)
virtusertable
  same as aliases, but for managing several mail domains
genericstable
  nice names for users (outgoing)
mailertable
  "manually" configure paths to certain destinations

Server applications: Mail > Sendmail (2)


local-host-names (sendmail.cw)
  Defines which domains are local mailboxes
access
  Spam control
relay-domains
  Defines who may use this mailer
  Destination or origin must be local (or both)
sendmail.mc (linux.mc)
  Master configuration files

After changing one of the files, you need to type make

Server applications: Mail > Sendmail > sendmail.mc


MASQUERADE_AS: outgoing domain name
FEATURE(dnsbl, ..., ...): spam control
GENERICS_DOMAIN(mailhost.test.lu)

Server applications: Mail > Sendmail


Documentation at http://www.sendmail.org


Server applications: Mail > Imap


Started by xinetd
Needs almost no configuration
For encrypted operation, key file in /usr/share/ssl/certs/imapd.pem
Access by mail client such as kmail or mozilla

Server applications: Mail > Imp


Web application: started by apache

Part of the Horde project

Horde is composed of several projects:
Imp: web mail
Turba: address book


Horde preparations (1)


Install php ( rpm -i php-4*.rpm )

On Red Hat, switch on short open tags in /etc/php.ini:
  short_open_tag = On

Install missing pear modules
  pear install http://pear.php.net/get/Log
  pear install http://pear.php.net/get/Net_Socket
  pear install http://pear.php.net/get/Mail_Mime

Horde preparations (2)


Webmail.conf file
# ###########################################
# Webmail configuration
Alias /horde/ "/usr/local/horde-2.1/"
Alias /webmail "/usr/local/horde-2.1/imp-3.1"

<Directory /usr/local/horde-2.1>
DirectoryIndex index.php
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
</Directory>

Include it from httpd.conf:
Include "/etc/httpd/conf/webmail.conf"


Horde basic setup


File: horde/config/horde.php
Where to store users' preferences?
  $conf['prefs']['driver'] = 'sql';
Where is the database located?
  $conf['prefs']['params']['phptype'] = 'mysql';
  $conf['prefs']['params']['hostspec'] = 'localhost';
  $conf['prefs']['params']['username'] = 'username';
  $conf['prefs']['params']['password'] = 'password';
  $conf['prefs']['params']['database'] = 'horde';
  $conf['prefs']['params']['table'] = 'horde_prefs';
How to send mail?
  $conf['mailer']['type'] = 'smtp';


Horde registry (apps and authentication)

File: horde/config/registry.php
Choose the application which manages login:
  $this->registry['auth']['login'] = 'imp';
  $this->registry['auth']['logout'] = 'imp';

Activate applications:
  $this->applications['imp'] = array(
      'fileroot' => dirname(__FILE__) . '/../imp',
      'webroot' => $this->applications['horde']['webroot'] . '/imp',
      'icon' => $this->applications['horde']['webroot'] . '/imp/graphics/imp.gif',
      'name' => _("Mail"),
      'allow_guests' => false,
      'show' => true
  );

  $this->applications['turba'] = array(
      'fileroot' => dirname(__FILE__) . '/../turba',
      'webroot' => $this->applications['horde']['webroot'] . '/turba',
      'icon' => $this->applications['horde']['webroot'] . '/turba/graphics/turba.gif',
      'name' => _("Addressbook"),
      'allow_guests' => false,
      'show' => true
  );


Imp header menu

File: horde/imp/config/menu.php
Add icon for Turba, the address manager
  $_menu[] = array(
      'url' => '/horde/turba',
      'text' => 'Address Book',
      'icon' => 'turba.gif',
      'icon_path' => '/horde/turba/graphics',
      'target' => '_blank',
      'onclick' => ''
  );


Next presentation

Iptables (firewall) setup
